
Creating a password list for the BTHomehub2 for PSK cracking

Hiya.
I'm trying to crack my WPA2 CCMP PSK on my BTHomehub2.
I've captured the 4-way handshake but now I'm at a loss.
The key isn't a dictionary word as it seems to be a ten char hex string (I don't know if this is true for all of them, but it certainly seems that way as mine and my parents' key both fit that description).

I'm not sure if there is a way to brute-force it with settings to only look for a ten character hex string.

My script-fu is poor so does anyone know a way to create a list for the entire keyspace (0000000001 - ffffffffff)?

Re: Creating a password list for the BTHomehub2 for PSK cracking

I think that the default wpa key is 10 characters long consisting of 0-9 and the letters a-f (in lower case)

I'm not sure that there's a regular pattern either, e.g. the letters don't seem to be fixed in the same location for each password; I've seen a few and they're all jumbled. I've been looking at this on and off for some time and haven't really found a good way of creating a dictionary file for these.

This is how I was going about it before, maybe you could improve on what I'm doing:

It's quick in the sense that you don't have to wait days for a password file that starts with a lot of phrases such as 0000000000, 0000000001 etc., but it's a lengthy process when you start doing it over and over! One step that's not in that thread is the sorting after the initial file.

Use

Code:

sort -R file.txt > sort.txt

to randomize the file, then use sed to append the lines. I find it gives you much better passwords, instead of having aaaa1 being appended to aaaa2 etc. etc. (aaaa1aaaa2 is pretty useless)

Another problem is that all the passwords I've made so far are completely random... I've no idea what I have and what I don't, so all the work could end up with me having duplicates and completely missed phrases. I could test yours against the wordlist I've created so far, it has about 30 million passwords in it... if you give me your SSID I can create a rainbow table to see if it contains the key? Entirely up to you.

Re: Creating a password list for the BTHomehub2 for PSK cracking

Yes, it is 10 characters a-f 1-10. If I calculated right, a password list is about a trillion combinations. I tried over 1/2 billion and gave up lol. It would take ages and a lot of space to make a complete list. I think once pre-hashed this was over 50GB.
I used a password generator (Password Generator Pro 2008 version) which you can set to make what you want. All mine were random and it checks for repeats. Then I used Pyrit with CUDA to make the pre-hashes.
If anyone comes up with a better formula that would be lovely.
The only reason I tried was because BT told a customer it was impossible to crack. Well, it's damn hard, not impossible!
Pyrit is missing from BackTrack 5, a big mistake, but it can be installed.

Re: Creating a password list for the BTHomehub2 for PSK cracking

Hi.
Thanks for the replies.

I found Crunch not long after I put the post up, but as I'm new, it took a while for it to be approved.
I wasn't thinking correctly of just how big it would be. Math fail on my part.
I was thinking 16+16+16... Not 16*16*16... The perils of working when tired!
Crunch gave me a total list size of >11TB for it unhashed so NOOOO! Guess I won't be doing that! :-D

I started looking into Pyrit, but I'm running in a VM, so I can't install the needed drivers to get the CUDA support running for it.
Guess I'll have to install to HD (or USB) at some point to give it a try.
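As an added example (not code from any poster in this thread), a short Python audit script that redoes the arithmetic discussed above from the defender's side: it flags a PSK that still has the 10 lowercase hex default format, computes the keyspace as 16^10 (multiplied, not added), the size of a plain wordlist at one key plus newline per line, and the worst-case time to exhaust it at the PMK/s rates quoted later in the thread. The sample keys are constructed, not real ones.

```python
import re

# Factory-default key format this thread describes: 10 lowercase hex characters.
DEFAULT_PSK_RE = re.compile(r"[0-9a-f]{10}")
HEX_ALPHABET = 16
DEFAULT_LEN = 10
SECONDS_PER_DAY = 86400


def is_default_style_psk(psk: str) -> bool:
    """True if the PSK looks like an unchanged BT Home Hub 2 default key."""
    return DEFAULT_PSK_RE.fullmatch(psk) is not None


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate keys: alphabet_size ** length (multiply, not add)."""
    return alphabet_size ** length


def wordlist_bytes(alphabet_size: int, length: int) -> int:
    """Size of a plain wordlist: each line is the key plus one newline byte."""
    return keyspace(alphabet_size, length) * (length + 1)


def days_to_exhaust(alphabet_size: int, length: int, pmk_per_second: float) -> float:
    """Worst-case days to try every key at a given PMK/s rate."""
    return keyspace(alphabet_size, length) / pmk_per_second / SECONDS_PER_DAY


def audit(psk: str, pmk_per_second: float) -> dict:
    """Risk summary for a configured PSK: does it match the weak default format,
    and how long would the full keyspace take at the given rate?"""
    weak = is_default_style_psk(psk)
    return {
        "default_format": weak,
        "keyspace": keyspace(HEX_ALPHABET, DEFAULT_LEN) if weak else None,
        "worst_case_days": days_to_exhaust(HEX_ALPHABET, DEFAULT_LEN, pmk_per_second) if weak else None,
    }


if __name__ == "__main__":
    # Constructed sample keys and the two PMK/s rates quoted in this thread.
    for psk, rate in (("0a1b2c3d4e", 60_000), ("0a1b2c3d4e", 1_200),
                      ("correct horse battery staple", 60_000)):
        print(psk, rate, audit(psk, rate))
    # 16**10 == 2**40, so the plain list is exactly 11 TiB, matching the ">11TB" above.
    print(f"plain wordlist: {wordlist_bytes(HEX_ALPHABET, DEFAULT_LEN) / 2**40:.1f} TiB")
```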

Re: Creating a password list for the BTHomehub2 for PSK cracking

The only problem with Crunch is it doesn't randomize the letters/numbers, which is why I used Password Generator Pro, as that does. But it's still a lot of combinations. Still, maybe one day I will get another BIG hard drive. Also, if you pre-hash the words it does make it quick, but if you're looking for a complete database you have to do all the ESSIDs, which is also a lot. So it's a long time crunching the hashes; you really need CUDA and a very fast graphics card or 2. I have an Nvidia GTX560ti which really boosts crunching time, but it would still take a long time.
I suppose I should try a full database of ESSIDs and keep adding combinations. And by the year 2525 it might be complete and obsolete lol.
Unless loads of others do bits and split the payload. Mind you, no real reason to, but a challenge and proving them wrong is fun lol.

Re: Creating a password list for the BTHomehub2 for PSK cracking

I am running 2x 465gtx cards (I am looking for a board that can handle 4) and get around 60k PMKs. It takes me 4 days to punch through every number to 10 digits.
If I run pyrit on my i3 laptop NOT supporting cuda I get as many PMKs as aircrack would give me (about 1200 PMKs)
If you have the rainbow tables then just pipe it to cowpatty instead or do it in the cloud

Originally Posted by Jimmy87

@Scamentology

Do you have a setup where you could run that command?

At the moment I can't use pyrit as I don't have a compatible card to use it, but I'd like to know how many keys per second it could crunch? Or any sort of benchmarking really.

Thanks

Last edited by Scamentology; 06-16-2011 at 11:48 AM.
